Ending a Spy Code Work – The Syrian Abuse

The “disgusting” way the DarkComet Remote Admin Tool (Rat) was being used in Syria had led to its production being halted, said Jean-Pierre Lesueur. He said his intention had only ever been to produce tools that were better than those commercially available. Syria’s use of the tool emerged earlier this year as the government sought to keep tabs on opponents in the country’s ongoing civil conflict. Experts welcomed DarkComet’s demise, saying the Rat was being widely abused.

The Syrian government attempted to use this function of the Rat by trying to trick its opponents into opening a booby-trapped Skype chat message. Once DarkComet is installed on a target PC it allows remote access to that machine and can log any activity on it. In a message posted to the DarkComet website, Mr Lesueur said he was ending the project after four years of work because of the widespread “misuse of the tool”.

He said it was never his intention for the tool to be used by hacker groups and he did not want to be held responsible for what people, and governments, had done with DarkComet. Mr Lesueur said he would continue working in computer security but only on projects that could not be turned to malicious ends. The decision to shut down DarkComet means there will be no future versions, but nothing has been done to remove copies of the programs already in use.

Rik Ferguson, director of security research in Europe for Trend Micro, said he and many other professionals had used DarkComet for penetration testing and malware detection but not as a management tool.

However, he said, the overwhelming use of DarkComet was by those with malicious or dubious intentions. He said some of the tool’s menu items and functions made it hard to believe it was intended entirely for legitimate use. “It was no surprise to hear of the Syrian regime using this Rat to spy on their population,” Mr Ferguson told the BBC. “It follows in the grand tradition of using Rats in targeted, politically motivated attacks such as LuckyCat, Gh0stnet and Shadownet.”